# Recon-ng dns zone snoop

## recon-ng

```
recon-ng --no-check --no-analytic
```

## Reverse Resolve Hosts

* If you have IP but not the names:

```
> recon-ng
> help
> show <tab><tab>
> show schema
> set NAMESERVER 10.10.10.3
> show modules
> show options

> search resolve
> use recon/netblocks-hosts/reverse
> show info
> add netblocks 10.10.10.0/24
> show netblocks
> run
> show hosts

  +----------------------------------------
  | row   | host            | ip_address  | 
  +----------------------------------------
  | 1     | frodo.tgt       | 10.10.10.1  | 
  | 2     | samwise.tgt     | 10.10.10.2  | 
  | 3     | gandalf.tgt     | 10.10.10.3  | 
  +----------------------------------------
```

## Dig Zone Transfer

```
dig www.google.com
dig @5.5.5.5 www.msn.org
dig @10.10.10.1 frodo.tgt -t AXFR

+recursive
+norecursive
```

## Cache Snoop for AV

* Get a hint for what AV your target is using
* Shows activity for common-used AV update activity

```
> recon-ng
> use discovery/info_disclosure/cache_snoop
> show options
> set NAMESERVER 10.10.10.1
> run 

[*] update.symantec.com => Snooped!
[*] guru.avg.com => Snooped!

cleanup:
> exit
> rm -rf .recon-ng/
```